[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   23.182128] audit: type=1800 audit(1540510043.410:21): pid=5171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   23.209537] audit: type=1800 audit(1540510043.410:22): pid=5171 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   52.674553] ==================================================================
[   52.682022] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   52.689113] Read of size 8 at addr ffff8801d89f0968 by task syz-executor278/5330
[   52.696624] 
[   52.698250] CPU: 1 PID: 5330 Comm: syz-executor278 Not tainted 4.19.0+ #303
[   52.705442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.714782] Call Trace:
[   52.717358]  dump_stack+0x244/0x39d
[   52.720973]  ? dump_stack_print_info.cold.1+0x20/0x20
[   52.726148]  ? printk+0xa7/0xcf
[   52.729413]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   52.734200]  print_address_description.cold.7+0x9/0x1ff
[   52.739665]  kasan_report.cold.8+0x242/0x309
[   52.744132]  ? sctp_getsockopt+0x7516/0x7cc2
[   52.748541]  __asan_report_load8_noabort+0x14/0x20
[   52.753458]  sctp_getsockopt+0x7516/0x7cc2
[   52.757731]  ? trace_hardirqs_off_caller+0x310/0x310
[   52.762830]  ? compat_start_thread+0x80/0x80
[   52.767230]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   52.773445]  ? _raw_spin_unlock_irq+0x60/0x80
[   52.777933]  ? finish_task_switch+0x1f4/0x910
[   52.782413]  ? finish_task_switch+0x1b4/0x910
[   52.786893]  ? __switch_to_asm+0x34/0x70
[   52.790946]  ? preempt_notifier_register+0x200/0x200
[   52.796043]  ? __switch_to_asm+0x34/0x70
[   52.800089]  ? __switch_to_asm+0x34/0x70
[   52.804131]  ? __switch_to_asm+0x40/0x70
[   52.808176]  ? __switch_to_asm+0x34/0x70
[   52.812219]  ? __switch_to_asm+0x40/0x70
[   52.816275]  ? __switch_to_asm+0x34/0x70
[   52.820321]  ? __switch_to_asm+0x40/0x70
[   52.824366]  ? __switch_to_asm+0x34/0x70
[   52.828411]  ? __switch_to_asm+0x34/0x70
[   52.832450]  ? __switch_to_asm+0x40/0x70
[   52.836492]  ? __switch_to_asm+0x34/0x70
[   52.840533]  ? __switch_to_asm+0x40/0x70
[   52.844584]  ? __switch_to_asm+0x34/0x70
[   52.848738]  ? __switch_to_asm+0x40/0x70
[   52.852787]  ? __schedule+0x8d7/0x21d0
[   52.856664]  ? __enqueue_entity+0x10d/0x1f0
[   52.860969]  ? __sched_text_start+0x8/0x8
[   52.865111]  ? zap_class+0x640/0x640
[   52.868817]  ? plist_check_list+0xa0/0xa0
[   52.872946]  ? zap_class+0x640/0x640
[   52.876668]  ? perf_trace_sched_process_exec+0x860/0x860
[   52.882099]  ? print_usage_bug+0xc0/0xc0
[   52.886143]  ? do_raw_spin_trylock+0x270/0x270
[   52.890711]  ? lock_acquire+0x1ed/0x520
[   52.894673]  ? __might_sleep+0x95/0x190
[   52.898634]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.904155]  ? futex_wait_queue_me+0x55d/0x840
[   52.908726]  ? __lock_acquire+0x62f/0x4c20
[   52.912950]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.918479]  ? get_futex_value_locked+0xcb/0xf0
[   52.923134]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   52.928135]  ? futex_wait_setup+0x266/0x3e0
[   52.932443]  ? mark_held_locks+0x130/0x130
[   52.936661]  ? futex_wake+0x760/0x760
[   52.940454]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   52.945633]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   52.950732]  ? futex_wait+0x5ec/0xa50
[   52.954531]  ? futex_wait_setup+0x3e0/0x3e0
[   52.958842]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   52.964026]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   52.969113]  ? futex_wake+0x304/0x760
[   52.972900]  ? zap_class+0x640/0x640
[   52.976623]  ? find_held_lock+0x36/0x1c0
[   52.980797]  ? __fget+0x4aa/0x740
[   52.984236]  ? lock_downgrade+0x900/0x900
[   52.988366]  ? check_preemption_disabled+0x48/0x280
[   52.993367]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   52.998288]  ? kasan_check_read+0x11/0x20
[   53.002435]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   53.007697]  ? rcu_softirq_qs+0x20/0x20
[   53.011664]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   53.017183]  ? aa_label_sk_perm+0x46d/0x8e0
[   53.021490]  ? aa_profile_af_perm+0x410/0x410
[   53.025969]  ? ksys_dup3+0x680/0x680
[   53.029685]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   53.034595]  ? aa_sk_perm+0x218/0x8b0
[   53.038436]  ? fget_raw+0x20/0x20
[   53.041885]  ? release_sock+0x1ec/0x2c0
[   53.045848]  ? aa_af_perm+0x5a0/0x5a0
[   53.049638]  ? __local_bh_enable_ip+0x160/0x260
[   53.054292]  ? _raw_spin_unlock_bh+0x30/0x40
[   53.058692]  sock_common_getsockopt+0x9a/0xe0
[   53.063179]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   53.069402]  ? sock_common_getsockopt+0x9a/0xe0
[   53.074061]  __sys_getsockopt+0x1ad/0x390
[   53.078207]  ? kernel_setsockopt+0x1d0/0x1d0
[   53.082655]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   53.087232]  ? trace_hardirqs_on+0xbd/0x310
[   53.091548]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.096900]  ? trace_hardirqs_off_caller+0x310/0x310
[   53.101994]  __x64_sys_getsockopt+0xbe/0x150
[   53.106433]  do_syscall_64+0x1b9/0x820
[   53.110317]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   53.115671]  ? syscall_return_slowpath+0x5e0/0x5e0
[   53.120594]  ? trace_hardirqs_on_caller+0x310/0x310
[   53.125618]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   53.130628]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   53.137424]  ? __switch_to_asm+0x40/0x70
[   53.141476]  ? __switch_to_asm+0x34/0x70
[   53.145525]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   53.150363]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.155591] RIP: 0033:0x445789
[   53.158798] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.177691] RSP: 002b:00007effdb293db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   53.185389] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445789
[   53.192759] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   53.200019] RBP: 00000000006dac40 R08: 0000000020000040 R09: 0000000000000000
[   53.207271] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac4c
[   53.214525] R13: 00007ffcfc408c6f R14: 00007effdb2949c0 R15: 00000000006dad2c
[   53.221788] 
[   53.223398] Allocated by task 5329:
[   53.227008]  save_stack+0x43/0xd0
[   53.230444]  kasan_kmalloc+0xc7/0xe0
[   53.234139]  kmem_cache_alloc_trace+0x152/0x750
[   53.238978]  sctp_stream_init_ext+0x4f/0xf0
[   53.243283]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   53.247940]  sctp_sendmsg+0x13c2/0x1da0
[   53.251904]  inet_sendmsg+0x1a1/0x690
[   53.255691]  sock_sendmsg+0xd5/0x120
[   53.259394]  __sys_sendto+0x3d7/0x670
[   53.263180]  __x64_sys_sendto+0xe1/0x1a0
[   53.267231]  do_syscall_64+0x1b9/0x820
[   53.271113]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.276281] 
[   53.277892] Freed by task 3223:
[   53.281160]  save_stack+0x43/0xd0
[   53.284599]  __kasan_slab_free+0x102/0x150
[   53.288824]  kasan_slab_free+0xe/0x10
[   53.292619]  kfree+0xcf/0x230
[   53.295718]  kzfree+0x28/0x30
[   53.298813]  apparmor_file_free_security+0x133/0x1a0
[   53.303908]  security_file_free+0x4a/0x80
[   53.308089]  __fput+0x4e8/0xa30
[   53.311365]  ____fput+0x15/0x20
[   53.314631]  task_work_run+0x1e8/0x2a0
[   53.318546]  exit_to_usermode_loop+0x318/0x380
[   53.323123]  do_syscall_64+0x6be/0x820
[   53.327010]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.332190] 
[   53.333815] The buggy address belongs to the object at ffff8801d89f0900
[   53.333815]  which belongs to the cache kmalloc-96 of size 96
[   53.346286] The buggy address is located 8 bytes to the right of
[   53.346286]  96-byte region [ffff8801d89f0900, ffff8801d89f0960)
[   53.358405] The buggy address belongs to the page:
[   53.363326] page:ffffea0007627c00 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   53.371459] flags: 0x2fffc0000000100(slab)
[   53.375683] raw: 02fffc0000000100 ffffea0007646748 ffffea0007613488 ffff8801da8004c0
[   53.383554] raw: 0000000000000000 ffff8801d89f0000 0000000100000020 0000000000000000
[   53.391418] page dumped because: kasan: bad access detected
[   53.397114] 
[   53.398729] Memory state around the buggy address:
[   53.403642]  ffff8801d89f0800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   53.410980]  ffff8801d89f0880: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   53.418330] >ffff8801d89f0900: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   53.425670]                                                           ^
[   53.432449]  ffff8801d89f0980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   53.439798]  ffff8801d89f0a00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   53.447176] ==================================================================
[   53.454525] Disabling lock debugging due to kernel taint
[   53.460102] Kernel panic - not syncing: panic_on_warn set ...
[   53.460102] 
[   53.467460] CPU: 1 PID: 5330 Comm: syz-executor278 Tainted: G    B             4.19.0+ #303
[   53.475931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.485266] Call Trace:
[   53.487844]  dump_stack+0x244/0x39d
[   53.491456]  ? dump_stack_print_info.cold.1+0x20/0x20
[   53.496635]  panic+0x238/0x4e7
[   53.499820]  ? add_taint.cold.5+0x16/0x16
[   53.503955]  ? preempt_schedule+0x4d/0x60
[   53.508087]  ? ___preempt_schedule+0x16/0x18
[   53.512479]  ? trace_hardirqs_on+0xb4/0x310
[   53.516787]  kasan_end_report+0x47/0x4f
[   53.520747]  kasan_report.cold.8+0x76/0x309
[   53.525061]  ? sctp_getsockopt+0x7516/0x7cc2
[   53.529464]  __asan_report_load8_noabort+0x14/0x20
[   53.534381]  sctp_getsockopt+0x7516/0x7cc2
[   53.538600]  ? trace_hardirqs_off_caller+0x310/0x310
[   53.543697]  ? compat_start_thread+0x80/0x80
[   53.548092]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   53.554313]  ? _raw_spin_unlock_irq+0x60/0x80
[   53.558803]  ? finish_task_switch+0x1f4/0x910
[   53.563287]  ? finish_task_switch+0x1b4/0x910
[   53.567766]  ? __switch_to_asm+0x34/0x70
[   53.571813]  ? preempt_notifier_register+0x200/0x200
[   53.576896]  ? __switch_to_asm+0x34/0x70
[   53.580945]  ? __switch_to_asm+0x34/0x70
[   53.584992]  ? __switch_to_asm+0x40/0x70
[   53.589041]  ? __switch_to_asm+0x34/0x70
[   53.593092]  ? __switch_to_asm+0x40/0x70
[   53.597146]  ? __switch_to_asm+0x34/0x70
[   53.601193]  ? __switch_to_asm+0x40/0x70
[   53.605235]  ? __switch_to_asm+0x34/0x70
[   53.609284]  ? __switch_to_asm+0x34/0x70
[   53.613333]  ? __switch_to_asm+0x40/0x70
[   53.617376]  ? __switch_to_asm+0x34/0x70
[   53.621419]  ? __switch_to_asm+0x40/0x70
[   53.625462]  ? __switch_to_asm+0x34/0x70
[   53.629504]  ? __switch_to_asm+0x40/0x70
[   53.633548]  ? __schedule+0x8d7/0x21d0
[   53.637416]  ? __enqueue_entity+0x10d/0x1f0
[   53.641726]  ? __sched_text_start+0x8/0x8
[   53.645862]  ? zap_class+0x640/0x640
[   53.649567]  ? plist_check_list+0xa0/0xa0
[   53.653692]  ? zap_class+0x640/0x640
[   53.657407]  ? perf_trace_sched_process_exec+0x860/0x860
[   53.662840]  ? print_usage_bug+0xc0/0xc0
[   53.666881]  ? do_raw_spin_trylock+0x270/0x270
[   53.671451]  ? lock_acquire+0x1ed/0x520
[   53.675465]  ? __might_sleep+0x95/0x190
[   53.679434]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.684957]  ? futex_wait_queue_me+0x55d/0x840
[   53.689526]  ? __lock_acquire+0x62f/0x4c20
[   53.693744]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.699267]  ? get_futex_value_locked+0xcb/0xf0
[   53.703922]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   53.708920]  ? futex_wait_setup+0x266/0x3e0
[   53.713224]  ? mark_held_locks+0x130/0x130
[   53.717444]  ? futex_wake+0x760/0x760
[   53.721227]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   53.726410]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   53.731494]  ? futex_wait+0x5ec/0xa50
[   53.735343]  ? futex_wait_setup+0x3e0/0x3e0
[   53.739656]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   53.744832]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   53.749917]  ? futex_wake+0x304/0x760
[   53.753701]  ? zap_class+0x640/0x640
[   53.757410]  ? find_held_lock+0x36/0x1c0
[   53.761460]  ? __fget+0x4aa/0x740
[   53.764940]  ? lock_downgrade+0x900/0x900
[   53.769079]  ? check_preemption_disabled+0x48/0x280
[   53.774082]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   53.778998]  ? kasan_check_read+0x11/0x20
[   53.783171]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   53.788436]  ? rcu_softirq_qs+0x20/0x20
[   53.792395]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   53.797912]  ? aa_label_sk_perm+0x46d/0x8e0
[   53.802222]  ? aa_profile_af_perm+0x410/0x410
[   53.806702]  ? ksys_dup3+0x680/0x680
[   53.810417]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   53.815374]  ? aa_sk_perm+0x218/0x8b0
[   53.819165]  ? fget_raw+0x20/0x20
[   53.822612]  ? release_sock+0x1ec/0x2c0
[   53.826581]  ? aa_af_perm+0x5a0/0x5a0
[   53.830391]  ? __local_bh_enable_ip+0x160/0x260
[   53.835045]  ? _raw_spin_unlock_bh+0x30/0x40
[   53.839446]  sock_common_getsockopt+0x9a/0xe0
[   53.843990]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   53.850217]  ? sock_common_getsockopt+0x9a/0xe0
[   53.854874]  __sys_getsockopt+0x1ad/0x390
[   53.859004]  ? kernel_setsockopt+0x1d0/0x1d0
[   53.863396]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   53.867960]  ? trace_hardirqs_on+0xbd/0x310
[   53.872265]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.877660]  ? trace_hardirqs_off_caller+0x310/0x310
[   53.882763]  __x64_sys_getsockopt+0xbe/0x150
[   53.887161]  do_syscall_64+0x1b9/0x820
[   53.891029]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   53.896376]  ? syscall_return_slowpath+0x5e0/0x5e0
[   53.901296]  ? trace_hardirqs_on_caller+0x310/0x310
[   53.906383]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   53.911389]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   53.918105]  ? __switch_to_asm+0x40/0x70
[   53.922171]  ? __switch_to_asm+0x34/0x70
[   53.926223]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   53.931061]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.936237] RIP: 0033:0x445789
[   53.939414] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   53.958300] RSP: 002b:00007effdb293db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   53.965988] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445789
[   53.973239] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   53.980493] RBP: 00000000006dac40 R08: 0000000020000040 R09: 0000000000000000
[   53.987744] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac4c
[   53.994999] R13: 00007ffcfc408c6f R14: 00007effdb2949c0 R15: 00000000006dad2c
[   54.003089] Kernel Offset: disabled
[   54.006755] Rebooting in 86400 seconds..